10601772

Device and Method for Forwarding Connections

Published March 24, 2020
Assignee: not available in USPTO data
Technical Abstract

Patent Claims
14 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. An interconnecting device, comprising: a plurality of outgoing ports; a plurality of incoming ports; memory configured to store at least one port translation from an incoming port to an outgoing port; and at least one hardware processor configured to: determine whether an incoming connection from an originating device was received at an incoming port for which the memory stores a port translation; in case the incoming connection was received at an incoming port for which the memory stores a port translation, return a challenge to the originating device, the challenge intended to distinguish humans from computers; receive a response to the challenge; verify that the response is a correct response to the challenge; and in case the response is a correct response to the challenge, forward the connection to an outgoing port corresponding, according to the port translation, to the incoming port at which the incoming connection was received.

Plain English Translation

Claim 1 defines the device the rest of the patent builds on: an interconnecting device (a gateway sitting between an originating device and the services behind it) with several incoming ports, several outgoing ports, memory holding at least one port translation (a mapping from an incoming port to an outgoing port), and at least one hardware processor. When a connection arrives, the processor checks whether the incoming port has a stored translation. If it does, the device does not forward straight away: it returns a challenge meant to tell humans from computers, receives the response, and verifies it. Only if the response is correct is the connection forwarded to the outgoing port that the translation maps the incoming port to. The claim leaves the kind of challenge open; the dependent claims narrow it to CAPTCHAs. The practical effect is that automated clients such as brute-force tools, scanners and bots cannot reach a forwarded service without a human in the loop. The claim says nothing about what happens to connections on ports without a translation, or to connections whose response is wrong.

Claim 2

Original Legal Text

2. The interconnecting device of claim 1 , wherein the plurality of outgoing ports comprises a first port configured for connection to a first device.

Plain English Translation

Claim 2 adds only that one of the outgoing ports (the "first port") is configured to connect to a first device, i.e. the protected host behind the gateway. The claim does not say what that device is or give the port any special hardware or protocol features. The first port matters because claim 3 uses the service running on it to choose the type of challenge.

Claim 3

Original Legal Text

3. The interconnecting device of claim 2 , wherein the challenge is of one of a plurality of types of challenges and wherein the at least one hardware processor is further configured to determine a type of service running on the first port and to determine the type of challenge in dependence on the type of service.

Plain English Translation

Claim 3 makes the challenge type depend on the service. The processor determines what type of service runs on the first port (the outgoing port of claim 2) and picks one of several challenge types accordingly. In the dependent claims that follow, an HTTP service gets a web CAPTCHA served from a captive portal and a Telnet or SSL service gets a text CAPTCHA presented in a captive terminal, so the challenge is delivered in a form the originator's client can actually display. The claim does not say how the service type is determined; a configured label per port or detection from the traffic would both fit its wording.

Claim 4

Original Legal Text

4. The interconnecting device of claim 3 , wherein the challenge is a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA).

Plain English Translation

Claim 4 fixes the challenge as a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart): a task such as reading distorted text or images that is meant to be easy for a person and hard for a program. The gate therefore separates human-driven sessions from automated ones; it does not authenticate who the user is, and nothing in the claim lets "authorised devices" skip the test. A correct response leads to forwarding; the claim is silent on what happens after a wrong one.

Claim 5

Original Legal Text

5. The interconnecting device of claim 4 , wherein types of challenge comprise web CAPTCHA and text CAPTCHA.

Plain English Translation

Claim 5 names the two CAPTCHA types the device can use: a web CAPTCHA, rendered in a web page (the captive portal of claim 6), and a text CAPTCHA, rendered inside a terminal session (the captive terminal of claim 7). In both cases the device issues the CAPTCHA to the originator and verifies the answer itself; it does not solve CAPTCHAs on the originator's behalf.

Claim 6

Original Legal Text

6. The interconnecting device of claim 1 , wherein, in case the incoming connection is a HyperText Transfer Protocol (HTTP) connection, the at least one hardware processor is configured to return the challenge by presenting a captive web portal with a web Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), and to forward the connection using a HTTP redirect.

Plain English Translation

Claim 6 covers the HTTP case. When the incoming connection is HTTP, the device answers it with a captive web portal carrying a web CAPTCHA instead of passing the request on. After the CAPTCHA is solved, the device "forwards" by replying with an HTTP redirect that sends the browser back to the service. The claim does not spell out how the redirected request then gets through; the remembered state of claim 8, under which the originator's next connection is forwarded without a challenge, is the natural mechanism. This is the same captive-portal pattern used by Wi-Fi hotspots, applied to a forwarded port.

Claim 7

Original Legal Text

7. The interconnecting device of claim 1 , wherein, in case the incoming connection is a Secure Socket Layer (SSL) or Telnet connection, the at least one hardware processor is configured to return the challenge by presenting a captive terminal with a text Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), and to forward the connection by terminating the connection and forwarding a further connection from the originating device.

Plain English Translation

Claim 7 covers Secure Socket Layer (SSL) and Telnet connections. Here the device presents a captive terminal: it talks to the originator over the incoming connection itself and shows a text CAPTCHA. Forwarding works differently from the HTTP case. After a correct response the device terminates that connection, and it is a further connection from the same originating device that is forwarded to the outgoing port. The originator's client therefore has to reconnect once, which is why the remembered state of claim 8 matters for this path. The claim does not require any change to the protocols themselves.

Claim 8

Original Legal Text

8. The interconnecting device of claim 1 , wherein the at least one hardware processor upon reception of a correct response to the challenge is further configured to initiate a state such that subsequent connections from the originating device are forwarded without returning a challenge.

Plain English Translation

Claim 8 adds the remembered state. Once an originator has answered a challenge correctly, the processor enters a state in which that originator's subsequent connections are forwarded without a new challenge. This is what keeps the gate usable: a browser opens many connections per page, and the terminal path of claim 7 requires a reconnect. The claim does not specify how the originating device is identified or how long the state lasts. An implementation keyed on source IP address would extend the trust to every process behind that address, so the identity key and the lifetime of the state are the parameters a deployer has to choose.

Claim 9

Original Legal Text

9. A method at an interconnecting device comprising: receiving from an originating device an incoming connection at an incoming port; determining by at least one hardware processor whether port translation is implemented for the incoming port; in case port translation is implemented for the incoming port, returning to the originating device by the at least one hardware processor a challenge intended to distinguish humans from computers; verifying by the at least one hardware processor that a response received in response to the challenge is a correct response to the challenge; and in case the response is a correct response to the challenge, forwarding, by the at least one hardware processor, the connection to an outgoing port corresponding, according to the port translation, to the incoming port at which the incoming connection was received.

Plain English Translation

Claim 9 is the method counterpart of claim 1, performed at the interconnecting device: receive an incoming connection from an originating device at an incoming port; determine whether port translation is implemented for that port; if so, return a challenge intended to distinguish humans from computers; verify that the response is correct; and, if it is, forward the connection to the outgoing port the translation maps the incoming port to. Only connections that pass the human check reach the translated service, which blocks bot-driven brute-force and scanning traffic at the gateway. Claims 10 to 13 mirror claims 3, 6, 7 and 8 for the method.

Claim 10

Original Legal Text

10. The method of claim 9 , wherein the challenge is of one of a plurality of types of challenges and wherein the method further comprises determining a type of service running on the translated port and determining the type of challenge in dependence on the type of service.

Plain English Translation

Claim 10 mirrors claim 3 for the method: determine the type of service running on the translated port (the outgoing port the incoming port maps to) and choose the challenge type from it. As in the device claims, the challenge types are CAPTCHA variants, web or text, matched to what the client can display; the claim does not involve multi-factor authentication or any other identity check.

Claim 11

Original Legal Text

11. The method of claim 9 , wherein, in case the incoming connection is a HyperText Transfer Protocol (HTTP) connection, the at least one hardware processor returns the challenge by presenting a captive web portal with a web Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), and forwards the connection using a HTTP redirect.

Plain English Translation

Claim 11 mirrors claim 6 for the method: when the incoming connection is HTTP, the challenge is returned as a captive web portal with a web CAPTCHA, and after a correct response the connection is forwarded by means of an HTTP redirect back to the service. No allow-list or deny-list of addresses is part of the claim.

Claim 12

Original Legal Text

12. The method of claim 9 , wherein, in case the incoming connection is a Secure Socket Layer (SSL) or Telnet connection, the at least one hardware processor returns the challenge by presenting a captive terminal with a text Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), and forwards the connection by terminating the connection and forwarding a further connection from the originating device.

Plain English Translation

Claim 12 mirrors claim 7 for the method: when the incoming connection is SSL or Telnet, the challenge is a text CAPTCHA shown in a captive terminal over that connection. After a correct response the device terminates the connection, and a further connection from the originating device is the one forwarded to the translated port, so the client reconnects once to reach the service.

Claim 13

Original Legal Text

13. The method of claim 9 , further comprising, upon reception of a correct response to the challenge, initiating, by the at least one hardware processor, a state such that subsequent connections from the originating device are forwarded without returning a challenge.

Plain English Translation

Claim 13 mirrors claim 8 for the method: after a correct response, the processor enters a state in which later connections from the same originating device are forwarded without a challenge. The claim does not define when that state ends or how the originator is recognised; a timeout, a re-challenge policy and the choice of identifier (source address, session, or something else) are implementation decisions left open.
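To make the flow of claims 1 to 13 concrete, here is an in-memory model of the gate, written for this page; it is not code from the patent or its inventors. Sockets are left out so the sequence can be traced offline: the caller reports connection events and the model answers with what the device would do. The translation table, the service-to-challenge mapping, the gateway host name in the redirect, the trust lifetime and the token-echo stand-in for a real CAPTCHA are all assumptions for illustration.

```python
"""In-memory model of the CAPTCHA-gated port forwarder in claims 1-13.

Added example, not code from the patent or its inventors. The translation
table, service-to-challenge mapping, gateway host name, trust lifetime and
the token-echo stand-in for a CAPTCHA are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional
import hmac
import secrets
import time


@dataclass(frozen=True)
class Translation:
    out_port: int   # the "first port" of claim 2, where the protected service lives
    service: str    # service running there (claim 3): "http", "telnet" or "ssl"


# Claim 1: memory holding port translations, incoming port -> outgoing port (assumed table).
TRANSLATIONS = {
    8080: Translation(out_port=80, service="http"),
    2323: Translation(out_port=23, service="telnet"),
}

# Claims 3-5: choose the challenge type from the service type (assumed mapping).
CHALLENGE_FOR_SERVICE = {"http": "web", "telnet": "text", "ssl": "text"}

GATEWAY_HOST = "gateway.example"   # assumed name the device is reached at


@dataclass
class Gate:
    trust_ttl: float = 600.0   # claim 8 gives no lifetime; 10 minutes is an assumption
    pending: dict = field(default_factory=dict)   # (src_ip, in_port) -> expected answer
    trusted: dict = field(default_factory=dict)   # src_ip -> time until challenges are skipped

    @staticmethod
    def make_challenge(kind: str):
        """Return (payload sent to the originator, expected answer).

        Stand-in for a CAPTCHA generator: the token is sent in clear, so a bot
        could read it. A real device would render it as a distorted image (web
        CAPTCHA) or obfuscated ASCII (text CAPTCHA); only the two delivery
        channels of claims 6 and 7 are modelled here.
        """
        token = secrets.token_hex(3)
        if kind == "web":   # claim 6: captive web portal
            body = f'<form method="POST"><input name="captcha"> Enter {token}</form>'
            return ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" + body, token)
        return (f"Type the characters to continue: {token}\n", token)   # claim 7: captive terminal

    def on_connect(self, src_ip: str, in_port: int, now: Optional[float] = None):
        """New connection from src_ip at in_port.

        Returns ("forward", out_port), ("challenge", payload) or ("drop", None).
        """
        now = time.time() if now is None else now
        tr = TRANSLATIONS.get(in_port)
        if tr is None:
            return ("drop", None)             # no translation stored for this port
        if self.trusted.get(src_ip, 0.0) > now:
            return ("forward", tr.out_port)   # claim 8 state: already verified
        payload, answer = self.make_challenge(CHALLENGE_FOR_SERVICE[tr.service])
        self.pending[(src_ip, in_port)] = answer
        return ("challenge", payload)

    def on_response(self, src_ip: str, in_port: int, response: str,
                    now: Optional[float] = None):
        """Originator answered the challenge.

        Returns ("redirect", http_reply) for HTTP, ("reconnect", None) for the
        terminal path, or ("drop", None) on a wrong or unexpected answer.
        """
        now = time.time() if now is None else now
        expected = self.pending.pop((src_ip, in_port), None)
        if expected is None or not hmac.compare_digest(
                expected.encode(), response.strip().encode()):
            return ("drop", None)             # wrong answer: a fresh challenge is needed
        self.trusted[src_ip] = now + self.trust_ttl   # claims 8 and 13
        if TRANSLATIONS[in_port].service == "http":
            # Claim 6: forward via HTTP redirect; the browser's next request
            # arrives as a new connection that on_connect forwards unchallenged.
            reply = (f"HTTP/1.1 302 Found\r\nLocation: http://{GATEWAY_HOST}:{in_port}/"
                     "\r\nContent-Length: 0\r\n\r\n")
            return ("redirect", reply)
        # Claim 7: terminate this connection; the originator's next connection
        # is the "further connection" that gets forwarded.
        return ("reconnect", None)


if __name__ == "__main__":
    gate = Gate()
    print(gate.on_connect("198.51.100.7", 8080, now=0.0)[0])           # challenge
    answer = gate.pending[("198.51.100.7", 8080)]
    print(gate.on_response("198.51.100.7", 8080, answer, now=1.0)[0])  # redirect
    print(gate.on_connect("198.51.100.7", 8080, now=2.0))              # ('forward', 80)
```

Two design points are worth noticing. The trusted state is keyed on the source address, which is the simplest reading of "subsequent connections from the originating device" but means every process behind that address, or behind the same NAT, inherits the pass; a deployment that cares about that needs a finer key (for HTTP, a cookie set by the portal would do). And because a wrong answer discards the pending challenge, a client cannot keep guessing against one token; it has to reconnect and receive a new one, which is also where a real implementation would add per-source rate limiting.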

Claim 14

Original Legal Text

14. A non-transitory computer-readable storage medium comprising instructions which, when executed by a computer, cause the computer to carry out the steps of the method of claim 9 .

Plain English Translation

Claim 14 claims the software form of the invention: a non-transitory computer-readable storage medium holding instructions which, when executed by a computer, carry out the method of claim 9. It adds no new steps; it lets the patent cover firmware or software shipped for a gateway rather than only the hardware device of claims 1 to 8.

Patent Metadata

Filing Date

Unknown

Publication Date

March 24, 2020

Inventors

Christoph NEUMANN
Anne LAMBERT
Pascal LE GUYADEC
Thierry FILOCHE

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “DEVICE AND METHOD FOR FORWARDING CONNECTIONS” (10601772). https://patentable.app/patents/10601772

© 2026 Nomic Interactive Technology LLC. Machine-readable context available at /api/llm-context/10601772. See llms.txt for full attribution policy.